Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2018-12457

    expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header.... Read more

    Affected Products : expresscart express-cart
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-12456

    Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote acces... Read more

    Affected Products : nplug_firmware nplug
    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-12455

    Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie.... Read more

    Affected Products : nplug_firmware nplug
    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12454

    The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publicly readable variables such as the current block information and a private variable (which can be read wi... Read more

    Affected Products : 1000_guess
    • Published: Jun. 17, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12453

    Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream.... Read more

    Affected Products : redis
    • Published: Jun. 16, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-12449

    The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking.... Read more

    Affected Products : whale whale_browser_installer
    • Published: Oct. 11, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2018-12448

    Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name.... Read more

    Affected Products : whale
    • Published: Aug. 02, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-12447

    The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.8 and other products, has an integer overflow that leads to a heap-based buffer overflow and remote code execution.... Read more

    Affected Products : libbpg
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 3.6

    LOW
    CVE-2018-12446

    An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authentica... Read more

    Affected Products : dropbox
    • Published: Jun. 20, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2018-12445

    An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded with... Read more

    Affected Products : dropbox
    • Published: Jun. 20, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-12441

    The CorsairService Service in Corsair Utility Engine is installed with insecure default permissions, which allows unprivileged local users to execute arbitrary commands via modification of the CorsairService BINARY_PATH_NAME, leading to complete control o... Read more

    Affected Products : corsair_utility_engine
    • Published: Oct. 11, 2018
    • Modified: Nov. 21, 2024

  • 4.7

    MEDIUM
    CVE-2018-12440

    BoringSSL through 2018-06-14 allows a memory-cache side-channel attack on DSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a DSA key, the attacker needs access to either the local machine or a different virtual machine on ... Read more

    Affected Products : boringssl
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 4.7

    MEDIUM
    CVE-2018-12439

    MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machin... Read more

    Affected Products : matrixssl
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2018-12438

    The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local ma... Read more

    Affected Products : libsunec
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2018-12437

    LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine ... Read more

    Affected Products : op-tee libtomcrypt
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 4.7

    MEDIUM
    CVE-2018-12436

    wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a di... Read more

    Affected Products : wolfssl
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2018-12435

    Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the a... Read more

    Affected Products : botan
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 4.7

    MEDIUM
    CVE-2018-12434

    LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a differe... Read more

    Affected Products : libressl
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2018-12433

    cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on ... Read more

    Affected Products : cryptlib
    • Published: Jun. 15, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-12432

    JavaMelody through 1.60.0 has XSS via the counter parameter in a clear_counter action to the /monitoring URI.... Read more

    Affected Products : javamelody javamelody
    • Published: Jun. 14, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294264 Results